Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
7Lenin_Scri...do.htm
windows7-x64
1Lenin_Scri...do.htm
windows10-2004-x64
1Lenin_Scri...ert.js
windows7-x64
1Lenin_Scri...ert.js
windows10-2004-x64
1Lenin_Scri...ds.htm
windows7-x64
1Lenin_Scri...ds.htm
windows10-2004-x64
1Lenin_Scri...-1.htm
windows7-x64
1Lenin_Scri...-1.htm
windows10-2004-x64
1Lenin_Scri...-3.htm
windows7-x64
1Lenin_Scri...-3.htm
windows10-2004-x64
1Lenin_Scri...ads.js
windows7-x64
1Lenin_Scri...ads.js
windows10-2004-x64
1Lenin_Scri...RS.dll
windows7-x64
1Lenin_Scri...RS.dll
windows10-2004-x64
1Lenin_Scri...nd.dll
windows7-x64
7Lenin_Scri...nd.dll
windows10-2004-x64
7Lenin_Scri...or.dll
windows7-x64
1Lenin_Scri...or.dll
windows10-2004-x64
1Lenin_Scri...en.dll
windows7-x64
1Lenin_Scri...en.dll
windows10-2004-x64
1Lenin_Scri...og.dll
windows7-x64
1Lenin_Scri...og.dll
windows10-2004-x64
1Lenin_Scri...ls.dll
windows7-x64
1Lenin_Scri...ls.dll
windows10-2004-x64
3Lenin_Scri...ll.dll
windows7-x64
1Lenin_Scri...ll.dll
windows10-2004-x64
3Lenin_Scri...le.dll
windows7-x64
1Lenin_Scri...le.dll
windows10-2004-x64
1Lenin_Scri...dx.dll
windows7-x64
1Lenin_Scri...dx.dll
windows10-2004-x64
3Analysis
-
max time kernel
115s -
max time network
118s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system -
submitted
25/12/2023, 12:23
Behavioral task
behavioral1
Sample
Lenin_Script/#Beginner - IRCops, Who they are, and What they do.htm
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral2
Sample
Lenin_Script/#Beginner - IRCops, Who they are, and What they do.htm
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Lenin_Script/#Beginner - IRCops, Who they are, and What they do_files/mseovert.js
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral4
Sample
Lenin_Script/#Beginner - IRCops, Who they are, and What they do_files/mseovert.js
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Lenin_Script/bordem_net full commands_files/ads.htm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral6
Sample
Lenin_Script/bordem_net full commands_files/ads.htm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Lenin_Script/bordem_net full commands_files/i-1.htm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral8
Sample
Lenin_Script/bordem_net full commands_files/i-1.htm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Lenin_Script/bordem_net full commands_files/i-3.htm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral10
Sample
Lenin_Script/bordem_net full commands_files/i-3.htm
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Lenin_Script/bordem_net full commands_files/show_ads.js
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral12
Sample
Lenin_Script/bordem_net full commands_files/show_ads.js
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Lenin_Script/dll/BARS.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral14
Sample
Lenin_Script/dll/BARS.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Lenin_Script/dll/Band/band.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral16
Sample
Lenin_Script/dll/Band/band.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Lenin_Script/dll/color.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral18
Sample
Lenin_Script/dll/color.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Lenin_Script/dll/ctl_gen.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral20
Sample
Lenin_Script/dll/ctl_gen.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Lenin_Script/dll/dialog.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral22
Sample
Lenin_Script/dll/dialog.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Lenin_Script/dll/dlls.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral24
Sample
Lenin_Script/dll/dlls.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Lenin_Script/dll/edll.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral26
Sample
Lenin_Script/dll/edll.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Lenin_Script/dll/findfile.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral28
Sample
Lenin_Script/dll/findfile.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Lenin_Script/dll/mdx.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral30
Sample
Lenin_Script/dll/mdx.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
General
-
Target
Lenin_Script/#Beginner - IRCops, Who they are, and What they do.htm
-
Size
32KB
-
MD5
da5c1becbbe037a9baab36a055c149c3
-
SHA1
9866a5dfd912d51ed3a604076e02864fb1a160ca
-
SHA256
a14e7efecd978ca1b57633a58d0882cc2c7074e2c787bc0fb9540c95269cea16
-
SHA512
1dad96cc8d06df3f70bac8436200d14c1f2af8190f05e4cb711f0f4acd0d57195a730e580066a71b930f130ca66615405cb64d3f65f270e6efd3dc908c012b85
-
SSDEEP
768:b5lPc7CgKI0KdS8GuHEcBf0QWEHFngKpxN+P8+3eN+PLVC7XweRdmPnRYY5KGsS4:b5lE7CgKxi5DkcBf0QWEHFngKpxN+P83
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20d079165b39da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31078747" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "369589241" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "383808043" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410511577" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "369589241" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000015a2f750fe9ee1479ecf0c8cfb11934c0000000002000000000010660000000100002000000085c8757857ddc2805a5aafe45d9519b088d3968bd6c6a8bce5b4f110d6385412000000000e8000000002000020000000aa8e175b75e177efa5be852f21c16b090d06f051d6dfe222cb5e8b4643c8ea792000000043eb97ee0321cf9854b13494d68ededa3651d8f0ca76d0afac396af6902ee01740000000a8c6191bdc84cbb8a4a0193fbfe6269738054b268c7f66325b7cdd23d08189b222036089a226b203b31946e9c06cc3daf6692d478170c189eefbb4f1e27169ad iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31078747" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 308677165b39da01 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000015a2f750fe9ee1479ecf0c8cfb11934c00000000020000000000106600000001000020000000a0971878850de20f443f786afb5677725446f57257dd14c812ffe52af68d05cf000000000e8000000002000020000000f3af28d12d2962d27a0e57c40307e1000714f04b1205b10e46e2af361ae43ccb20000000fd0a40fe7cead0a3a8443d878d0b624308cc62f968eefdbd8c34d1f2e2e53ccf400000001a7855e09e6842c7b3af59ffb0e0b3c29fe6b5e81ca817f2a87a7c1f9bfb5539ee6d0ee05dd1557a18e330342465732f65cfdc4f5a40e812130634a1bdca28f5 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{41AC0646-A54E-11EE-A0B6-DA96C499C6F0} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31078747" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2952 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2952 iexplore.exe 2952 iexplore.exe 4172 IEXPLORE.EXE 4172 IEXPLORE.EXE 4172 IEXPLORE.EXE 4172 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2952 wrote to memory of 4172 2952 iexplore.exe 15 PID 2952 wrote to memory of 4172 2952 iexplore.exe 15 PID 2952 wrote to memory of 4172 2952 iexplore.exe 15
Processes
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2952 CREDAT:17410 /prefetch:21⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4172
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Lenin_Script\#Beginner - IRCops, Who they are, and What they do.htm"1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2952
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee